From: Matt Caswell <matt@openssl.org>
Date: Wed, 18 Apr 2018 11:03:41 +0000 (+0100)
Subject: Return 0 on a non-matching kdf_type
X-Git-Tag: OpenSSL_1_0_2p~81
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c6c7bb010770cbf7d818d0ef8f5628decaa7e037;p=oweals%2Fopenssl.git

Return 0 on a non-matching kdf_type

If we have a non-matching kdf_type then pkey_dh_derive silently succeeds.
It should fail. This is a "should not happen" condition anyway so the
impact is negligible.

Fixes #2440

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6000)
---

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 6452482c87..926be98e7f 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         return ret;
     }
 #endif
-    return 1;
+    return 0;
 }
 
 const EVP_PKEY_METHOD dh_pkey_meth = {